Application Security Manager - Workleap

Company Description

Workleap is a Montreal-based tech company on a mission to make work simpler. Since 2006, we’ve been building game-changing products that tackle HR and IT’s biggest challenges. Workleap operates two distinct product lines:

• The Workleap Platform, an AI-powered HR solution designed to drive team performance and boost employee engagement.
• ShareGate , the leading Microsoft 365 migration and governance solution, trusted by IT professionals worldwide for its unmatched simplicity.

Today, more than 20,000 companies rely on Workleap products to grow, lead, and operate with confidence. We’re builders at heart, with a clear purpose: to craft the simplest products that deliver exceptional value for our customers. Period.

Job Description

So, what will your new role look like?

As an Application Security Manager, you will be a hands-on individual contributor responsible for embedding security directly into our products, pipelines, and development workflows. This is a deeply technical role where you will write code, build tooling, and work closely with developers to ensure security is a natural part of how we build and ship software.

You will join the AI-SDLC team, which builds internal platforms and tooling that enable AI agents to operate across the development lifecycle. Your mission will be to ensure that security is integrated from the ground up across these tools, pipelines, and agentic workflows—enabling secure-by-default product development at scale.

Responsibilities

• Ensure security is embedded into CI/CD pipelines by delivering scalable, automated tooling and integrated security checks (SAST, DAST, SCA, secret scanning);
• Enable secure-by-default development by designing and implementing automated, policy-driven security review workflows;
• Establish robust security guardrails within AI-assisted development and agent workflows to reduce risk while maintaining developer velocity;
• Reduce risk exposure by proactively identifying, assessing, and driving remediation of application security vulnerabilities;
• Strengthen application security posture by leading threat modeling and security assessments for new features and architectural changes;
• Improve detection and response capabilities through the development of automation, tooling, and streamlined vulnerability management processes;
• Elevate cloud and application security by partnering with Infrastructure SecOps to harden Azure environments and deployment practices;
• Enhance external security feedback loops by contributing to and scaling the bug bounty program and vulnerability intake processes.

A typical week?

• Writing code for security tooling, CI/CD configurations, and automated review workflows;
• Designing and refining policy-based security checks in pipelines;
• Building a